1. Field of the Invention
The present invention relates to personal identification systems, and to user devices and verification computers for use therein.
2. Related Art
A personal identification system is used to identify a person as having authority to access the entity or facility that is guarded by the system. Examples of such access include logging on to a computing system, control system or database, possibly via a telecommunications link, and entry to a room or building. Upon identifying a person, commonly called a user, the verification computer enables an access control means specific to the particular application.
It is known, for example from U.S. Pat. No. 4,720,860, to generate passwords in accordance with a predetermined algorithm having a time dependent variable input provided by a digital clock which defines the variable as a function of the date and a predetermined interval of time. Thus the value of the variable input will change for each successive interval of time and in accordance with the actual value of time at, say, the start of each interval. Passwords are continually generated in a user device carried by an authorised user, the device having an internal clock which is initially synchronised with the internal clock of a verification computer. To gain a desired access via the verification computer, the user provides a public username to the verification computer followed by the password currently being generated by his user device. If this password matches a corresponding password generated by the verification computer in response to a recognised username and in accordance with its internal clock, the user is recognised or identified, and the access control means is enabled.
In accordance with a first aspect of the present invention, there is provided a personal identification system which practices a method of identifying a user comprising the steps of communicating to a verification computer a public username and an offered password, the offered password being provided by a user device in the possession of the user and being or having been generated in accordance with a first predetermined algorithm having an input formed by a static variable, utilizing in the verification computer the communicated username either to provide an expected password and to compare the communicated offered password with the expected password to identify the user upon the occurrence of a match, the expected password being or having been generated in accordance with the first predetermined algorithm with an expected value of the static variable, or to process the communicated offered password in accordance with the inverse of the first predetermined algorithm to obtain the value of the static variable corresponding to the communicated offered password and to compare the obtained value with the expected value of the static variable to identify the user upon the occurrence of a match, the expected value of the static variable of the utilising step being or having been generated directly or indirectly from the expected value corresponding to the next preceding match in accordance with a second predetermined algorithm.
In accordance with a second aspect of the present invention, there is provided a personal identification system which practices a method of verifying a user comprising the steps of communicating to a verification computer a public username and offered verification information, herein referred to as OVI, utilising in the verification computer the communicated username to provide expected verification information, herein referred to as EVI, and comparing the communicated OVI directly or indirectly with the EVI, the verification computer accepting the user as identified if the comparison result is a match, the OVI being provided by a user device in the possession of the user and being obtained in accordance with a first predetermined process, and the EVI being obtained in accordance with a second predetermined process, the method being characterised by either the OVI being or having been generated from static information associated with verification information last provided by the user device, and the EVI being or having been generated from static information associated with verification information last used by the verification computer successfully to identify the user, or the OVI being or having been generated from other information provided by the verification computer, and the EVI being or having been generated from the said other information.
In accordance with a third aspect of the present invention, there is provided a user device for use in a personal identification system, the device comprising means for storing a list of passwords, means responsive to receipt of a command signal for retrieving, in use, a password from the storing means, and means for providing the retrieved password, in use, to a verification computer of the system.
In accordance with a fourth aspect of the present invention, there is provided a user device for use in a personal identification system, the device comprising means for generating in response to receipt of a command signal a password to be offered, in use, to a verification computer of the system, and means for providing the generated password, in use, to the verification computer, the generating means being arranged to generate the password in accordance with a first predetermined algorithm having an input formed by a variable.
In accordance with a fifth aspect of the present invention, there is provided a verification computer for use in a personal identification system, comprising input means for receiving plural characters, means responsive to the receipt via the input means of a first predetermined character string, constituting a predetermined user name, for providing an expected password, means responsive to the receipt via the input means of a second predetermined character string, at least a part of which constitutes an offered password, for comparing the offered and expected passwords and for providing an indication in the event of a match, and means for counting said indications, and wherein the providing means comprises means for storing a list of passwords and means responsive directly or indirectly to the current count of the counting means for retrieving, in use, a password from the storing means.
In accordance with a sixth aspect of the present invention, there is provided a verification computer for use in a personal identification system, comprising input means for receiving plural characters, means responsive to the receipt via the input means of a first predetermined character string, constituting a predetermined user name, for providing an expected password, means responsive to the receipt via the input means of a second predetermined character string, at least a part of which constitutes an offered password, for comparing the offered and expected passwords and for providing an indication in the event of a match, and means for counting the indications, and wherein the providing means comprises means for generating the expected password in accordance with a predetermined algorithm having a variable input formed directly or indirectly by the current count of the counting means.